Joanna Tuffy (Dublin Mid West, Labour)
Link to this: Individually | In context

Question 70: To ask the Minister for Finance his views the way the Central Bank of Ireland and the Financial Regulator will have an oversight of banking operations here when some banks have outsourced their operations overseas, including in some cases their entire IT Departments; and if he will make a statement on the matter. [33937/12]

Joanna Tuffy (Dublin Mid West, Labour)
Link to this: Individually | In context

Question 71: To ask the Minister for Finance if, in relation to problems that occurred with Ulster Bank's information technology systems, if there is an oversight by the Central Bank of Ireland in respect of the information technology policies of the bank to ensure appropriate safeguards in that policy; and if he will make a statement on the matter. [33944/12]

Terence Flanagan (Dublin North East, Fine Gael)
Link to this: Individually | In context

Question 72: To ask the Minister for Finance his views on a matter (details supplied); and if he will make a statement on the matter. [33946/12]

Michael Noonan (Limerick City, Fine Gael)
Link to this: Individually | In context

I propose to take Questions Nos. 70 to 72, inclusive, together.

I have been informed by the Central Bank that they review the operational risk framework and the assessment processes in place to assess and to test the proper functioning of processes and controls in all the banks licenced in Ireland. This ongoing supervision and assessment of operational risk includes an assessment of banks IT systems and policies. It also reviews the banks internal audit programme.

In addition to reviewing the results and findings from the banks own operational risk and internal audit examinations, the Central Bank assesses the robustness, the independence and the competencies of those functions to ensure they are fit for purpose and offer a strong challenge and test of the operating systems, processes and management of the business. Where they find unacceptable remediation work by a bank based on their operational risk or audit procedures, they establish risk remediation actions for the bank with clear deadlines and deliverables.

Included in the operational risk framework is business continuity planning and contingency arrangements and the banks own processes for testing those plans. The Central Bank does not test the operation of the contingency arrangements themselves nor do they second guess the technical systems and processing arrangements that the banks have established as this would require a technical knowledge of such systems and detailed knowledge of their operation. However, the Central Bank ensures that the banks plans are put through a proper governance process and they are reviewed and approved by the relevant risk committees of the licenced banks.

The Central Bank in conjunction with the UK Financial Services Authority (FSA), will be undertaking a review of the situation that arose at Ulster Bank. This review will include a focus on lessons learnt, which will then be used by the Central Bank in its ongoing oversight of operational risks faced by all banks licenced in Ireland, including outsourcing risks. In addition, the Irish Payments Services Organisation, in conjunction with the Central Bank, has commissioned an independent review of the risk assessment methodologies applied by the clearing companies, the Irish Paper Clearing Company Limited and the Irish Retail Electronic Payments Clearing Company Limited.

Additionally, the FSA will require the RBS Group to provide it with a report by a skilled person on the incident. The Central Bank has provided input to the scope of that FSA report to ensure that the review covers all areas of the RBS Group including a specific review of Ulster Bank Ireland Ltd.

Both the RBS internal review and skilled persons report will inform as to the causes of the incident including adequacy of resources and the role of outsourcing.